Hey, I am out of ideas what could be the issue. I have a MikroTik Router hosted on AWS (via the “Cloud Hosted Router” subscription offered by MikroTik). I use it to provide a static IP for stuff on my internal network as descripted in my first post (http://forum.mikrotik.com/t/solved-port-forwarding-from-mikrotik-router-to-internal-network-behind-ds-lite-via-wireguard/178969/1). Here a little pictogram what I am doing:
The reason I use a CHR is that my internet provider doesn’t provide me with a static public IP, just with a dynamic one and I don’t want to utilize a DDNS. My next provider will not even provide me a public IP any longer and only uses DS-Lite (NAT), thus I thought, I will preemptively go this route to expose the services I need to the internet. The set-up is complete and I am successfully able to expose ports to my internal network, so a request to port 12345 goes the path:
Internet → MikroTik Router on AWS:12345 → WireGuard Tunnel (Initiated from the internal VM) → Debian VM in my internal network → Destination determined by dst-nat on MikroTikVM:12345
I noticed that the connection seemed very slow, thus I did some testing using iPerf. If I expose the destination directly on my router and do a iPerf:
Internet → My Router (Dynamic Public IP) with Port Forwarding → Destination running iPerf Server
I get a throughput of 60 Mibs/s, which is what I would expect. If I do the same via the CHR, the performance drops to 1 Mbits/s. iPerf from my Debian VM to the Destination is 20.3 Gbits/sec, so it definitely is not a bottle neck of the VM. There is nothing else running on my CHR, so the CPU / network should idle and as it is running with a t3.micro instance, there should be plenty of resources available on AWS. Any idea what could be the reason for the bandwidth limitation I am seeing? Thanks!